Most Ubuntu Linux Installations Are Affected By A Dangerous Remote Code Execution Bug

Short Bytes: All recent Ubuntu Linux releases ship with the Apport crash handling software. A security researcher has discovered a flaw in this utility that allows an attacker to remotely execute code using a malicious, booby-trapped file. Ubuntu has released a fix, which can be installed via a simple Ubuntu update.

As most of you may know, remote code execution is one of the most common means of triggering arbitrary code execution from a remote machine via the internet. Coupled with privilege escalation, it is any computer user’s worst nightmare.

A security researcher, Donncha O’Cearbhaill, has uncovered a remote code execution bug in the Ubuntu Linux operating system. O’Cearbhaill found that the bug affects all default Ubuntu installations of versions 12.10 and later.

This exploit takes advantage of the Apport crash reporting tool on Ubuntu Linux. The researcher found that he could inject malicious code into Ubuntu’s crash handler by crafting a crash file. When parsed, this file executes arbitrary Python code. The vulnerable code was introduced in Apport revision 2464 on 2012-08-22.

“The code first checks if the CrashDB field starts with { indicating the start of a Python dictionary,” the researcher writes. If { is found, Apport calls Python’s built-in eval() function with the value of the CrashDB field. The passed data is evaluated as a Python expression, leading to Python code execution. The details of the bug can be found here.
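The pattern described above, shown next to a hardened parser. This is an added example, not Apport's code or the fix Ubuntu shipped; the function names and sample field values are constructed, and `ast.literal_eval` is used here as one way to accept a literal dictionary without evaluating expressions.

```python
import ast


def load_crashdb_vulnerable(value):
    """Pattern from the article: eval() on a field that starts with '{'."""
    if value.startswith("{"):
        # Any Python expression inside the field is evaluated here.
        return eval(value)
    return None  # other forms of the field are out of scope for this example


def load_crashdb_hardened(value):
    """Accept only a literal dict; refuse anything that needs evaluation."""
    if not value.startswith("{"):
        return None
    try:
        # literal_eval only builds literals (str, numbers, dict, list, ...);
        # names, calls and attribute access raise instead of running.
        parsed = ast.literal_eval(value)
    except (ValueError, SyntaxError) as exc:
        raise ValueError("CrashDB field is not a plain literal") from exc
    if not isinstance(parsed, dict):
        raise ValueError("CrashDB field must be a dictionary")
    return parsed


def hardened_rejects(value):
    """True when the hardened parser refuses the field."""
    try:
        load_crashdb_hardened(value)
    except ValueError:
        return True
    return False


# Constructed field values (not taken from a real crash file).
LITERAL_FIELD = "{'impl': 'memory', 'bug_pattern_url': None}"
# Harmless stand-in for attacker-controlled code: a function call in the field.
ACTIVE_FIELD = "{'impl': 'memory', 'marker': len('abc')}"

if __name__ == "__main__":
    print(load_crashdb_vulnerable(ACTIVE_FIELD))  # the call was executed
    print(load_crashdb_hardened(LITERAL_FIELD))   # literal dict accepted
    print(hardened_rejects(ACTIVE_FIELD))         # expression refused
```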


The attacker simply needs to fool the Ubuntu user into opening a single document that targets the bug in the Apport crash reporter.

O’Cearbhaill has posted a copy of his proof-of-concept source code on GitHub as well. He has also shared a video that shows the attack in action.

Ubuntu has released a fix for this bug, which is available via a simple update.
